mkvcodec_setup.exe

Rspark LLC

This is the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application mkvcodec_setup.exe by Rspark has been detected as adware by 13 anti-malware scanners. It is a setup application built on the OutBrowse Revenyou installer, and it installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. It is also typically executed from the user's temporary directory.
Publisher:
Rspark LLC  (signed and verified)

MD5:
688386b02589b3aeb104f7fc5c458a4e

SHA-1:
215739024d64d312b8b6e9798312f885e7b45b49

SHA-256:
ad3e0754660e15d1dbed4eb31f569ae479d5d39be9fc07d70ac271de58071a84

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/16/2024 9:03:27 PM UTC

Scan engine         Detection                                Engine version
Lavasoft Ad-Aware   MemScan:Application.Bundler.Outbrowse.E  626
AVG                 Generic                                  2016.0.3104
Bitdefender         MemScan:Application.Bundler.Outbrowse.E  1.0.20.700
ESET NOD32          Win32/OutBrowse                          9.10055
F-Secure            MemScan:Application.Bundler.Outbrowse    11.2015-20-05_4
G Data              MemScan:Application.Bundler.Outbrowse    15.5.24
Malwarebytes        PUP.Optional.OutBrowse                   v2015.05.20.05
MicroWorld eScan    MemScan:Application.Bundler.Outbrowse.E  16.0.0.420
NANO AntiVirus      Riskware.Raw.OutBrowse.dbpywt            0.28.0.60577
Qihoo 360 Security  Win32/Application.af9                    1.0.0.1015
Reason Heuristics   PUP.Outbrowse.Bundler                    15.5.20.5
Sophos              Generic PUA CB                           4.98
VIPRE Antivirus     OutBrowse                                31042

File size:
921.2 KB (943,344 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
OutBrowse Revenyou (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\mkvcodec_setup.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
11/25/2013 12:00:00 AM

Valid to:
1/26/2015 12:00:00 PM

Subject:
CN=Rspark LLC, O=Rspark LLC, L=Seattle, S=Washington, C=US

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0ADE80060D1D9FFF62ADB2CF331C657C

File PE Metadata
Compilation timestamp:
12/5/2009 10:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:45HXdyZNrNF/4lgGhpwJxmntY1VKc9IsTELQ1:iHXc3BqXp6fScKsILK

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 
Entropy:
7.9172

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
